File: rule.yml

scap-security-guide 0.1.79-1
# Rule definition: /var/log/openshift-apiserver should live on its own
# partition so OpenShift API server audit logs do not share space with
# other data.
# This file is a template. The triple-brace macro calls and the
# brace-percent conditionals are expanded before the result is read as YAML.
documentation_complete: true

# Human-readable rule title.
title: 'Ensure /var/log/openshift-apiserver Located On Separate Partition'


# Applicability platform for this rule.
# NOTE(review): presumably limits evaluation to OpenShift 4 nodes - confirm
# against the project's platform definitions.
platform: ocp4-node

# Reader-facing description. Its last line comes from the
# partition_description macro, which is defined outside this file.
description: |-
    Openshift API server audit logs are stored in the
    <tt>/var/log/openshift-apiserver</tt> directory.
    {{{ partition_description(part="/var/log/openshift-apiserver") }}}

# Why the rule exists: keep other log writers from exhausting the space
# that audit logging needs.
# NOTE(review): a dedicated partition isolates audit logs from other data
# but can still fill up on its own; sizing and log rotation remain relevant.
rationale: |-
    Placing <tt>/var/log/openshift-apiserver</tt> in its own partition
    enables better separation between Openshift API server audit
    files and other log files, and helps ensure that
    auditing cannot be halted due to the partition running out
    of space.

# Severity assigned to a failing result.
severity: medium

# Product-scoped identifier: the CCE assigned to this rule for ocp4.
identifiers:
    cce@ocp4: CCE-86094-0

# Compliance mappings. AU-4 is the NIST SP 800-53 audit log storage
# capacity control; the PCI-DSS and SRG entries are listed as given.
references:
    nist: AU-4
    pcidss: Req-10.5.3,Req-10.5.4
    srg: SRG-APP-000357-CTR-000800

# Macro call that expands to the manual-check (OCIL) text for this mount
# point; the macro itself is defined outside this file.
{{{ complete_ocil_entry_separate_partition(part="/var/log/openshift-apiserver") }}}

# (jhrozek): at the moment the mount probe reads the /proc filesystem even
# when openscap inspects a chroot, so mount points cannot be checked when
# RHCOS4 is scanned via CO. The mount template below is therefore emitted
# only for products other than ocp4.
# NOTE(review): for ocp4 this appears to leave the rule without a
# template-generated check, so presumably only the manual OCIL entry above
# applies there - confirm, because a scan would then not verify this
# audit-log control automatically.
{{% if product != "ocp4" %}}
template:
    name: mount
    vars:
        mountpoint: /var/log/openshift-apiserver
{{% endif %}}